<!DOCTYPE html>





<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 3.9.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/favicon.ico?v=7.4.0">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon.ico?v=7.4.0">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon.ico?v=7.4.0">
  <link rel="mask-icon" href="/images/logo.svg?v=7.4.0" color="#222">

<link rel="stylesheet" href="/css/main.css?v=7.4.0">


<link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css?v=4.7.0">


<script id="hexo-configurations">
  var NexT = window.NexT || {};
  var CONFIG = {
    root: '/',
    scheme: 'Gemini',
    version: '7.4.0',
    exturl: false,
    sidebar: {"position":"left","display":"post","offset":12,"onmobile":false,"dimmer":false},
    copycode: {"enable":false,"show_result":false,"style":null},
    back2top: {"enable":true,"sidebar":false,"scrollpercent":false},
    bookmark: {"enable":false,"color":"#222","save":"auto"},
    fancybox: false,
    mediumzoom: false,
    lazyload: false,
    pangu: false,
    algolia: {
      appID: '',
      apiKey: '',
      indexName: '',
      hits: {"per_page":10},
      labels: {"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}
    },
    localsearch: {"enable":true,"trigger":"auto","top_n_per_article":1,"unescape":false,"preload":false},
    path: 'search.json',
    motion: {"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},
    translation: {
      copy_button: '复制',
      copy_success: '复制成功',
      copy_failure: '复制失败'
    },
    sidebarPadding: 40
  };
</script>

  <meta name="description" content="1. https 协议简介HTTPS 协议（HyperText Transfer Protocol over Secure Socket Layer）：可以理解为HTTP+SSL/TLS， 即 HTTP 下加入 SSL 层，HTTPS 的安全基础是 SSL，因此加密的详细内容就需要 SSL，用于安全的 HTTP 数据传输。  SSL历史和版本  1994年，NetScape公司设计了SSL协议（S">
<meta name="keywords" content="golang,linux,http">
<meta property="og:type" content="article">
<meta property="og:title" content="https协议简介,网站支持https, golang启动https">
<meta property="og:url" content="https://unix2dos.github.io/p/fcd8becb.html">
<meta property="og:site_name" content="Levon&#39;s Blog">
<meta property="og:description" content="1. https 协议简介HTTPS 协议（HyperText Transfer Protocol over Secure Socket Layer）：可以理解为HTTP+SSL/TLS， 即 HTTP 下加入 SSL 层，HTTPS 的安全基础是 SSL，因此加密的详细内容就需要 SSL，用于安全的 HTTP 数据传输。  SSL历史和版本  1994年，NetScape公司设计了SSL协议（S">
<meta property="og:locale" content="zh-CN">
<meta property="og:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/1.png">
<meta property="og:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/2.png">
<meta property="og:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/3.png">
<meta property="og:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/4.png">
<meta property="og:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/5.png">
<meta property="og:updated_time" content="2019-09-27T15:36:51.143Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="https协议简介,网站支持https, golang启动https">
<meta name="twitter:description" content="1. https 协议简介HTTPS 协议（HyperText Transfer Protocol over Secure Socket Layer）：可以理解为HTTP+SSL/TLS， 即 HTTP 下加入 SSL 层，HTTPS 的安全基础是 SSL，因此加密的详细内容就需要 SSL，用于安全的 HTTP 数据传输。  SSL历史和版本  1994年，NetScape公司设计了SSL协议（S">
<meta name="twitter:image" content="https://unix2dos.github.io/p/https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/1.png">
  <link rel="canonical" href="https://unix2dos.github.io/p/fcd8becb">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome: false,
    isPost: true,
    isPage: false,
    isArchive: false
  };
</script>

  <title>https协议简介,网站支持https, golang启动https | Levon's Blog</title>
  








  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .logo,
  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage" lang="zh-CN">
  <div class="container use-motion">
    <div class="headband"></div>

    <header id="header" class="header" itemscope itemtype="http://schema.org/WPHeader">
      <div class="header-inner"><div class="site-brand-container">
  <div class="site-meta">

    <div>
      <a href="/" class="brand" rel="start">
        <span class="logo-line-before"><i></i></span>
        <span class="site-title">Levon's Blog</span>
        <span class="logo-line-after"><i></i></span>
      </a>
    </div>
        <h1 class="site-subtitle" itemprop="description">微信:  L6241425</h1>
      
  </div>

  <div class="site-nav-toggle">
    <button aria-label="切换导航栏">
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
      <span class="btn-bar"></span>
    </button>
  </div>
</div>


<nav class="site-nav">
  
  <ul id="menu" class="menu">
      
      
      
        
        <li class="menu-item menu-item-home">
      
    

    <a href="/" rel="section"><i class="menu-item-icon fa fa-fw fa-home"></i> <br>首页</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-archives">
      
    

    <a href="/archives/" rel="section"><i class="menu-item-icon fa fa-fw fa-archive"></i> <br>时光</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-categories">
      
    

    <a href="/categories/" rel="section"><i class="menu-item-icon fa fa-fw fa-th"></i> <br>分类</a>

  </li>
      
      
      
        
        <li class="menu-item menu-item-tags">
      
    

    <a href="/tags/" rel="section"><i class="menu-item-icon fa fa-fw fa-tags"></i> <br>标签</a>

  </li>
      <li class="menu-item menu-item-search">
        <a href="javascript:;" class="popup-trigger">
        
          <i class="menu-item-icon fa fa-search fa-fw"></i> <br>搜索</a>
      </li>
    
  </ul>

</nav>
  <div class="site-search">
    <div class="popup search-popup">
    <div class="search-header">
  <span class="search-icon">
    <i class="fa fa-search"></i>
  </span>
  <div class="search-input-container">
    <input autocomplete="off" autocorrect="off" autocapitalize="none"
           placeholder="搜索..." spellcheck="false"
           type="text" id="search-input">
  </div>
  <span class="popup-btn-close">
    <i class="fa fa-times-circle"></i>
  </span>
</div>
<div id="search-result"></div>

</div>
<div class="search-pop-overlay"></div>

  </div>
</div>
    </header>

    
  <div class="back-to-top">
    <i class="fa fa-arrow-up"></i>
    <span>0%</span>
  </div>


    <main id="main" class="main">
      <div class="main-inner">
        <div class="content-wrap">
            

          <div id="content" class="content">
            

  <div id="posts" class="posts-expand">
      <article itemscope itemtype="http://schema.org/Article">
  
  
  
  <div class="post-block post">
    <link itemprop="mainEntityOfPage" href="https://unix2dos.github.io/p/fcd8becb.html">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="name" content="Levon">
      <meta itemprop="description" content="Never Give Up">
      <meta itemprop="image" content="/images/avatar.jpg">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="Levon's Blog">
    </span>
      <header class="post-header">
        <h2 class="post-title" itemprop="name headline">https协议简介,网站支持https, golang启动https

          
        </h2>

        <div class="post-meta">
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-calendar-o"></i>
              </span>
              <span class="post-meta-item-text">发表于</span>

              
                
              

              <time title="创建时间：2019-07-18 19:08:01" itemprop="dateCreated datePublished" datetime="2019-07-18T19:08:01+08:00">2019-07-18</time>
            </span>
          
            

            
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="fa fa-calendar-check-o"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2019-09-27 23:36:51" itemprop="dateModified" datetime="2019-09-27T23:36:51+08:00">2019-09-27</time>
              </span>
            
          
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="fa fa-folder-o"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/2-linux系统/" itemprop="url" rel="index"><span itemprop="name">2-linux系统</span></a></span>

                
                
                  ，
                
              
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing"><a href="/categories/2-linux系统/https/" itemprop="url" rel="index"><span itemprop="name">https</span></a></span>

                
                
              
            </span>
          

          
  
  <span class="post-meta-item">
    
      <span class="post-meta-item-icon">
        <i class="fa fa-comment-o"></i>
      </span>
        
      
      <span class="post-meta-item-text">Disqus：</span>
    
    <a title="disqus" href="/p/fcd8becb.html#comments" itemprop="discussionUrl"><span class="post-comments-count disqus-comment-count" data-disqus-identifier="p/fcd8becb.html" itemprop="commentCount"></span></a>
  </span>
  
  
          <br>
            <span class="post-meta-item" title="本文字数">
              <span class="post-meta-item-icon">
                <i class="fa fa-file-word-o"></i>
              </span>
              
                <span class="post-meta-item-text">本文字数：</span>
              
              <span>8.6k</span>
            </span>
          
            <span class="post-meta-item" title="阅读时长">
              <span class="post-meta-item-icon">
                <i class="fa fa-clock-o"></i>
              </span>
              
                <span class="post-meta-item-text">阅读时长 &asymp;</span>
              
              <span>8 分钟</span>
            </span>
          

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <h3 id="1-https-协议简介"><a href="#1-https-协议简介" class="headerlink" title="1. https 协议简介"></a>1. https 协议简介</h3><p>HTTPS 协议（HyperText Transfer Protocol over Secure Socket Layer）：可以理解为HTTP+SSL/TLS， 即 HTTP 下加入 SSL 层，HTTPS 的安全基础是 SSL，因此加密的详细内容就需要 SSL，用于安全的 HTTP 数据传输。</p>
<blockquote>
<p>SSL历史和版本</p>
</blockquote>
<p>1994年，NetScape公司设计了SSL协议（Secure Sockets Layer）的1.0版，但是未发布。</p>
<p>1995年，NetScape公司发布SSL 2.0版，很快发现有严重漏洞。</p>
<p>1996年，SSL 3.0版问世，得到大规模应用。</p>
<p>1999年，互联网标准化组织ISOC接替NetScape公司，发布了SSL的升级版TLS 1.0版。</p>
<p>2006年和2008年，TLS进行了两次升级，分别为TLS 1.1版和TLS 1.2版。最新的变动是2011年TLS 1.2的修订版。</p>
<p>目前，应用最广泛的是TLS 1.0，接下来是SSL 3.0。但是，主流浏览器都已经实现了TLS 1.2的支持。</p>
<hr>
<p>TLS 1.0通常被标示为SSL 3.1</p>
<p>TLS 1.1为SSL 3.2，</p>
<p>TLS 1.2为SSL 3.3。</p>
<a id="more"></a>


<h3 id="2-https-非对称加密和数字证书"><a href="#2-https-非对称加密和数字证书" class="headerlink" title="2. https 非对称加密和数字证书"></a>2. https 非对称加密和数字证书</h3><ul>
<li><p>HTTPS的数据传输是加密的。实际使用中，HTTPS利用的是对称与非对称加密算法结合的方式。</p>
</li>
<li><p>对称加密，就是通信双方使用一个密钥，该密钥既用于数据加密（发送方），也用于数据解密（接收方）。</p>
</li>
<li><p>非对称加密，使用两个密钥。发送方使用公钥（公开密钥）对数据进行加密，数据接收方使用私钥对数据进行解密。</p>
</li>
<li><p>实际操作中，单纯使用对称加密或单纯使用非对称加密都会存在一些问题，比如对称加密的密钥管理复杂；非对称加密的处理性能低、资源占用高等，因 此HTTPS结合了这两种方式。</p>
</li>
<li><p>HTTPS服务端在连接建立过程（ssl shaking握手协议）中，会将自身的公钥发送给客户端。客户端拿到公钥后，与服务端协商数据传输通道的对称加密密钥-对话密钥，随后的这个协商过程则 是基于非对称加密的（因为这时客户端已经拿到了公钥，而服务端有私钥）。</p>
</li>
<li><p>一旦双方协商出对话密钥，则后续的数据通讯就会一直使用基于该对话密钥的对称加密算法了。(对称加密会加快速度)</p>
</li>
</ul>
<p>上述过程有一个问题，那就是双方握手过程中，如何保障HTTPS服务端发送给客户端的公钥信息没有被篡改呢？实际应用中，HTTPS并非直接传输公钥信息，而是使用携带公钥信息的数字证书来保证公钥的安全性和完整性。</p>
<p>数字证书，又称互联网上的”身份证”，用于唯一标识一个组织或一个服务器的，这就好比我们日常生活中使用的”居民身份证”，用于唯一标识一个人。</p>
<p>服务端将数字证书传输给客户端，客户端如何校验这个证书的真伪呢？我们知道居民身份证是由国家统一制作和颁发的，个人向户口所在地公安机关申请，国家颁发的身份证才具有法律效力，任何地方这个身份证都是有效和可被接纳的。</p>
<p>网站的证书也是同样的道理。一般来说数字证书从受信的权威证书授权机构 (Certification Authority，证书授权机构)买来的（免费的很少）。一般浏览器在出厂时就内置了诸多知名CA（如Verisign、GoDaddy、美国国防部、 CNNIC等）的数字证书校验方法，只要是这些CA机构颁发的证书，浏览器都能校验。</p>
<p>对于CA未知的证书，浏览器则会报错。主流浏览器都有证书管理功能，但鉴于这些功能比较高级，一般用户是不用去关心的。</p>
<h3 id="3-让自己的网站支持-https"><a href="#3-让自己的网站支持-https" class="headerlink" title="3. 让自己的网站支持 https"></a>3. 让自己的网站支持 https</h3><ul>
<li><p>使用 Let’s Encrypt 提供的免费证书, 放到自己的服务器中, 并且在nginx配置好证书路径, 这样使用浏览器访问的时候就会见到熟悉的绿色小锁头了. 需要注意证书必须颁发给<code>某个域名</code>, 所以<code>ip地址</code>无效.</p>
</li>
<li><p>安装工具certbot</p>
</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">git clone https://github.com/certbot/certbot</span><br><span class="line">cd certbot</span><br><span class="line">chmod +x certbot-auto</span><br><span class="line">	</span><br><span class="line"># certbot-auto 即为自动化脚本工具, 他会判断你的服务是nginx还是apache, 然后执行对应逻辑</span><br><span class="line">./certbot-auto --help</span><br></pre></td></tr></table></figure>

<ul>
<li>生成证书</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># webroot代表webroot根目录模式, certonly代表只生成证书 邮箱亲测没啥大用, 域名一定要和自己要申请证书的域名一致</span></span><br><span class="line">./certbot-auto certonly --webroot --agree-tos -v -t --email 你的邮箱 -w 服务器根目录 -d 你要申请的域名</span><br><span class="line">	</span><br><span class="line">	</span><br><span class="line"><span class="comment"># 实际如下</span></span><br><span class="line">./certbot-auto certonly --webroot --agree-tos -v -t --email levonfly@gmail.com -w /var/www/html/ -d a.xuanyueting.com</span><br></pre></td></tr></table></figure>

<p>然后会在/etc/letsencrypt/目录下生成相关文件, 你所需要的证书其实在<code>/etc/letsencrypt/live/a.xuanyueting.com/</code>目录中.</p>
<p><code>fullchain.pem</code>可以看作是证书公钥, <code>privkey.pem</code>是证书私钥, 是我们下面需要使用到的两个文件</p>
<ul>
<li>nginx 配置支持 https</li>
</ul>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">    <span class="attribute">listen</span> <span class="number">80</span> default_server;</span><br><span class="line">    <span class="attribute">listen</span> [::]:<span class="number">80</span> default_server;</span><br><span class="line">    <span class="attribute">rewrite</span><span class="regexp"> ^</span> https://<span class="variable">$http_host</span><span class="variable">$request_uri</span>? <span class="literal">permanent</span>;</span><br><span class="line">&#125;</span><br><span class="line"></span><br><span class="line"></span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">	  <span class="attribute">listen</span> <span class="number">443</span> ssl default_server;</span><br><span class="line">    <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl default_server;</span><br><span class="line">    <span class="attribute">ssl_certificate</span> <span class="string">"/etc/letsencrypt/live/a.xuanyueting.com/fullchain.pem"</span>;</span><br><span class="line">    <span class="attribute">ssl_certificate_key</span> <span class="string">"/etc/letsencrypt/live/a.xuanyueting.com/privkey.pem"</span>;</span><br><span class="line">    </span><br><span class="line">    <span class="attribute">root</span> /var/www/html;</span><br><span class="line">    ....</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li>重启 nginx 验证</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">sudo service nginx restart</span><br></pre></td></tr></table></figure>

<p>访问 a.xuanyueting.com, 会发现出现了小绿锁</p>
<h3 id="4-freesn网站免费申请"><a href="#4-freesn网站免费申请" class="headerlink" title="4. freesn网站免费申请"></a>4. freesn网站免费申请</h3><ul>
<li><p><a href="https://freessl.cn/" target="_blank" rel="noopener">https://freessl.cn/</a> 注册账号</p>
</li>
<li><p>选择Let’s Encrypt V2 支持通配符</p>
<p><img src="https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/1.png" alt="1"></p>
</li>
<li><p>启动keymanager(需要下载), 设置一个密码</p>
</li>
<li><p>浏览器拉起keymanager, 会自动生成一个csr</p>
</li>
<li><p>DNS 验证</p>
<p><img src="https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/2.png" alt="1"></p>
<p>CA 将通过查询 DNS 的 TXT 记录来确定您对该域名的所有权。您只需要在域名管理平台将生成的 TXT 记录名与记录值添加到该域名下，等待大约 1 分钟即可验证成功。</p>
</li>
</ul>
<p>  需要你到你的域名托管服务商那里添加一条 TXT 记录，其中记录名称为第二行的内容,记录值为第三行的内容。</p>
<p>  <img src="https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/3.png" alt="1"></p>
<ul>
<li><p>生成证书并且下载, 建议保存到key manager里<br>  <img src="https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/4.png" alt="1"></p>
</li>
<li><p>保存到key manager里, 有效期3个月, 选择导出证书, nginx, 2个文件crt 和 key<br><img src="https%E5%8D%8F%E8%AE%AE_%E7%BD%91%E7%AB%99%E6%94%AF%E6%8C%81https_%E9%80%9A%E8%BF%87golang%E5%90%AF%E5%8A%A8https/5.png" alt="1"></p>
</li>
<li><p>Nginx 配置</p>
<figure class="highlight nginx"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">        <span class="attribute">listen</span> <span class="number">80</span> default_server;<span class="comment">#一定要加上default_server,否则多个server会找第一个为默认</span></span><br><span class="line">        <span class="attribute">listen</span> [::]:<span class="number">80</span> default_server;<span class="comment">#监听所有的ipv6的地址</span></span><br><span class="line">        <span class="attribute">rewrite</span><span class="regexp"> ^</span> https://<span class="variable">$http_host</span><span class="variable">$request_uri</span>? <span class="literal">permanent</span>; <span class="comment">#https 跳转到 https,永久重定向向</span></span><br><span class="line">&#125;</span><br><span class="line"><span class="section">server</span> &#123;</span><br><span class="line">        <span class="attribute">listen</span> <span class="number">443</span> ssl default_server;</span><br><span class="line">        <span class="attribute">listen</span> [::]:<span class="number">443</span> ssl default_server;</span><br><span class="line">        <span class="attribute">ssl_certificate</span> <span class="string">"/etc/nginx/ssl/*.liuvv.com_chain.crt"</span>;</span><br><span class="line">        <span class="attribute">ssl_certificate_key</span> <span class="string">"/etc/nginx/ssl/*.liuvv.com_key.key"</span>;</span><br><span class="line">        <span class="attribute">root</span> /home/levonfly/www;</span><br><span class="line">        <span class="attribute">index</span> index.html;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>



</li>
</ul>
<h3 id="5-acme自动生成并更新证书"><a href="#5-acme自动生成并更新证书" class="headerlink" title="5. acme自动生成并更新证书"></a>5. acme自动生成并更新证书</h3><ul>
<li><a href="https://www.liuvv.com/p/ee822cec.html" target="_blank" rel="noopener">https://www.liuvv.com/p/ee822cec.html</a></li>
</ul>
<h3 id="6-golang-实现一个最简单的HTTPS-Web-Server"><a href="#6-golang-实现一个最简单的HTTPS-Web-Server" class="headerlink" title="6. golang 实现一个最简单的HTTPS Web Server"></a>6. golang 实现一个最简单的HTTPS Web Server</h3><ul>
<li>生成私钥和证书</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out server.key 2048 //生成私钥</span><br><span class="line">openssl req -new -x509 -key server.key -out server.pem -days 3650 //生成证书</span><br></pre></td></tr></table></figure>

<ul>
<li>server.go</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line">package main</span><br><span class="line">	</span><br><span class="line">import (</span><br><span class="line">	&quot;fmt&quot;</span><br><span class="line">	&quot;net/http&quot;</span><br><span class="line">)</span><br><span class="line">	</span><br><span class="line">func handler(w http.ResponseWriter, r *http.Request) &#123;</span><br><span class="line">	fmt.Fprintf(w, &quot;Hi, This is an example of https service in golang!&quot;)</span><br><span class="line">&#125;</span><br><span class="line">	</span><br><span class="line">func main() &#123;</span><br><span class="line">	http.HandleFunc(&quot;/&quot;, handler)</span><br><span class="line">	http.ListenAndServeTLS(&quot;:8081&quot;, &quot;server.pem&quot;, &quot;server.key&quot;, nil)</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<p>通过浏览器访问：<a href="https://localhost:8081" target="_blank" rel="noopener">https://localhost:8081</a> 会出现您的连接不是私密连接, 因为我们使用的是自签发的数字证书</p>
<ul>
<li>客户端访问</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line">package main</span><br><span class="line">	</span><br><span class="line">import (</span><br><span class="line">	&quot;crypto/tls&quot;</span><br><span class="line">	&quot;fmt&quot;</span><br><span class="line">	&quot;io/ioutil&quot;</span><br><span class="line">	&quot;net/http&quot;</span><br><span class="line">)</span><br><span class="line">	</span><br><span class="line">func main() &#123;</span><br><span class="line">	//通过设置tls.Config的InsecureSkipVerify为true，client将不再对服务端的证书进行校验。</span><br><span class="line">	ts := &amp;http.Transport&#123;TLSClientConfig: &amp;tls.Config&#123;InsecureSkipVerify: true&#125;&#125; </span><br><span class="line">	client := &amp;http.Client&#123;Transport: ts&#125;</span><br><span class="line">	</span><br><span class="line">	resp, err := client.Get(&quot;https://localhost:8081&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;error:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	defer resp.Body.Close()</span><br><span class="line">	body, err := ioutil.ReadAll(resp.Body)</span><br><span class="line">	fmt.Println(string(body))</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h3 id="对服务端数字证书进行验证"><a href="#对服务端数字证书进行验证" class="headerlink" title="对服务端数字证书进行验证"></a>对服务端数字证书进行验证</h3><p>接下来我们来验证一下客户端对服务端数字证书进行验证:</p>
<ul>
<li>首先我们来建立我们自己的CA，需要生成一个CA私钥和一个CA的数字证书:</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out ca.key 2048</span><br><span class="line">	</span><br><span class="line">openssl req -x509 -new -nodes -key ca.key -subj &quot;/CN=tonybai.com&quot; -days 5000 -out ca.crt</span><br></pre></td></tr></table></figure>

<ul>
<li>接下来，生成server端的私钥，生成数字证书请求，并用我们的ca私钥签发server的数字证书：</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out server.key 2048</span><br><span class="line">	</span><br><span class="line">openssl req -new -key server.key -subj &quot;/CN=localhost&quot; -out server.csr</span><br><span class="line">	</span><br><span class="line">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 5000</span><br></pre></td></tr></table></figure>

<ul>
<li>现在我们的工作目录下有如下一些私钥和证书文件：</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">CA:</span><br><span class="line">私钥文件 ca.key</span><br><span class="line">数字证书 ca.crt</span><br><span class="line"></span><br><span class="line">Server:</span><br><span class="line">私钥文件 server.key</span><br><span class="line">数字证书 server.crt</span><br></pre></td></tr></table></figure>

<ul>
<li>客户端验证服务端数字证书</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br></pre></td><td class="code"><pre><span class="line">package main</span><br><span class="line">	</span><br><span class="line">import (</span><br><span class="line">	&quot;crypto/tls&quot;</span><br><span class="line">	&quot;crypto/x509&quot;</span><br><span class="line">	&quot;fmt&quot;</span><br><span class="line">	&quot;io/ioutil&quot;</span><br><span class="line">	&quot;net/http&quot;</span><br><span class="line">)</span><br><span class="line">	</span><br><span class="line">func main() &#123;</span><br><span class="line">	</span><br><span class="line">	pool := x509.NewCertPool()</span><br><span class="line">	caCrt, err := ioutil.ReadFile(&quot;ca.crt&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;ReadFile err:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	pool.AppendCertsFromPEM(caCrt)</span><br><span class="line">	</span><br><span class="line">	ts := &amp;http.Transport&#123;</span><br><span class="line">		TLSClientConfig: &amp;tls.Config&#123;</span><br><span class="line">			RootCAs:            pool,</span><br><span class="line">			InsecureSkipVerify: false,</span><br><span class="line">		&#125;,</span><br><span class="line">	&#125;</span><br><span class="line">	client := &amp;http.Client&#123;Transport: ts&#125;</span><br><span class="line">	</span><br><span class="line">	resp, err := client.Get(&quot;https://localhost:8081&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;error:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	defer resp.Body.Close()</span><br><span class="line">	body, err := ioutil.ReadAll(resp.Body)</span><br><span class="line">	fmt.Println(string(body))</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<h3 id="对客户端的证书进行校验-双向证书校验）"><a href="#对客户端的证书进行校验-双向证书校验）" class="headerlink" title="对客户端的证书进行校验(双向证书校验）"></a>对客户端的证书进行校验(双向证书校验）</h3><ul>
<li>要对客户端数字证书进行校验，首先客户端需要先有自己的证书。</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">openssl genrsa -out client.key 2048</span><br><span class="line">	</span><br><span class="line">openssl req -new -key client.key -subj &quot;/CN=tonybai_cn&quot; -out client.csr</span><br><span class="line">	</span><br><span class="line">openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 5000</span><br></pre></td></tr></table></figure>

<ul>
<li>首先server端需要要求校验client端的数字证书，并且加载用于校验数字证书的ca.crt，因此我们需要对server进行更加灵活的控制：</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br></pre></td><td class="code"><pre><span class="line">package main</span><br><span class="line">	</span><br><span class="line">import (</span><br><span class="line">	&quot;crypto/tls&quot;</span><br><span class="line">	&quot;crypto/x509&quot;</span><br><span class="line">	&quot;fmt&quot;</span><br><span class="line">	&quot;io/ioutil&quot;</span><br><span class="line">	&quot;net/http&quot;</span><br><span class="line">)</span><br><span class="line">	</span><br><span class="line">func handler(w http.ResponseWriter, r *http.Request) &#123;</span><br><span class="line">	fmt.Fprintf(w, &quot;Hi, This is an example of https service in golang!&quot;)</span><br><span class="line">&#125;</span><br><span class="line">	</span><br><span class="line">func main() &#123;</span><br><span class="line">	pool := x509.NewCertPool()</span><br><span class="line">	caCrt, err := ioutil.ReadFile(&quot;ca.crt&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;ReadFile err:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	pool.AppendCertsFromPEM(caCrt)</span><br><span class="line">	</span><br><span class="line">	s := &amp;http.Server&#123;</span><br><span class="line">		Addr:    &quot;:8081&quot;,</span><br><span class="line">		Handler: http.HandlerFunc(handler),</span><br><span class="line">		TLSConfig: &amp;tls.Config&#123;</span><br><span class="line">			ClientCAs:  pool,</span><br><span class="line">			ClientAuth: tls.RequireAndVerifyClientCert, //强制校验client端证书</span><br><span class="line">		&#125;,</span><br><span class="line">	&#125;</span><br><span class="line">	</span><br><span class="line">	s.ListenAndServeTLS(&quot;server.crt&quot;, &quot;server.key&quot;)</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>

<ul>
<li>client端变化也很大，需要加载client.key和client.crt用于server端连接时的证书校验：</li>
</ul>
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br></pre></td><td class="code"><pre><span class="line">package main</span><br><span class="line">	</span><br><span class="line">import (</span><br><span class="line">	&quot;crypto/tls&quot;</span><br><span class="line">	&quot;crypto/x509&quot;</span><br><span class="line">	&quot;fmt&quot;</span><br><span class="line">	&quot;io/ioutil&quot;</span><br><span class="line">	&quot;net/http&quot;</span><br><span class="line">)</span><br><span class="line">	</span><br><span class="line">func main() &#123;</span><br><span class="line">	</span><br><span class="line">	pool := x509.NewCertPool()</span><br><span class="line">	caCrt, err := ioutil.ReadFile(&quot;ca.crt&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;ReadFile err:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	pool.AppendCertsFromPEM(caCrt)</span><br><span class="line">	</span><br><span class="line">	cliCrt, err := tls.LoadX509KeyPair(&quot;client.crt&quot;, &quot;client.key&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;Loadx509keypair err:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	</span><br><span class="line">	ts := &amp;http.Transport&#123;</span><br><span class="line">		TLSClientConfig: &amp;tls.Config&#123;</span><br><span class="line">			RootCAs:            pool, //client端是 RootCAs</span><br><span class="line">			Certificates:       []tls.Certificate&#123;cliCrt&#125;,</span><br><span class="line">			InsecureSkipVerify: false,</span><br><span class="line">		&#125;,</span><br><span class="line">	&#125;</span><br><span class="line">	client := &amp;http.Client&#123;Transport: ts&#125;</span><br><span class="line">	</span><br><span class="line">	resp, err := client.Get(&quot;https://localhost:8081&quot;)</span><br><span class="line">	if err != nil &#123;</span><br><span class="line">		fmt.Println(&quot;error:&quot;, err)</span><br><span class="line">		return</span><br><span class="line">	&#125;</span><br><span class="line">	defer resp.Body.Close()</span><br><span class="line">	body, err := ioutil.ReadAll(resp.Body)</span><br><span class="line">	fmt.Println(string(body))</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure>
    </div>

    
    
    
        
      
        <div id="reward-container">
  <div>坚持原创技术分享，您的支持将鼓励我继续创作, 一个耿直的笑脸~</div>
  <button id="reward-button" disable="enable" onclick="var qr = document.getElementById(&quot;qr&quot;); qr.style.display = (qr.style.display === 'none') ? 'block' : 'none';">
    打赏
  </button>
  <div id="qr" style="display: none;">
        
      
      <div style="display: inline-block">
        <img src="/images/wechatpay.jpg" alt="Levon 微信支付">
        <p>微信支付</p>
      </div>
        
      
      <div style="display: inline-block">
        <img src="/images/alipay.jpg" alt="Levon 支付宝">
        <p>支付宝</p>
      </div>

  </div>
</div>

      

      <footer class="post-footer">
          
            
          
          <div class="post-tags">
            
              <a href="/tags/golang/" rel="tag"># golang</a>
            
              <a href="/tags/linux/" rel="tag"># linux</a>
            
              <a href="/tags/http/" rel="tag"># http</a>
            
          </div>
        

        

          <div class="post-nav">
            <div class="post-nav-next post-nav-item">
              
                <a href="/p/51e59d76.html" rel="next" title="nginx的location用法和rewrite规则">
                  <i class="fa fa-chevron-left"></i> nginx的location用法和rewrite规则
                </a>
              
            </div>

            <span class="post-nav-divider"></span>

            <div class="post-nav-prev post-nav-item">
              
                <a href="/p/1d063ae7.html" rel="prev" title="linux常用命令总结">
                  linux常用命令总结 <i class="fa fa-chevron-right"></i>
                </a>
              
            </div>
          </div>
        
      </footer>
    
  </div>
  
  
  
  </article>

  </div>


          </div>
          
    
    
  <div class="comments" id="comments">
    <div id="disqus_thread">
      <noscript>Please enable JavaScript to view the comments powered by Disqus.</noscript>
    </div>
  </div>
  
  

        </div>
          
  
  <div class="sidebar-toggle">
    <div class="sidebar-toggle-line-wrap">
      <span class="sidebar-toggle-line sidebar-toggle-line-first"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span>
      <span class="sidebar-toggle-line sidebar-toggle-line-last"></span>
    </div>
  </div>

  <aside class="sidebar">
    <div class="sidebar-inner">
        
        
        
        
      

      <ul class="sidebar-nav motion-element">
        <li class="sidebar-nav-toc">
          文章目录
        </li>
        <li class="sidebar-nav-overview">
          站点概览
        </li>
      </ul>

      <!--noindex-->
      <div class="post-toc-wrap sidebar-panel">
          <div class="post-toc motion-element"><ol class="nav"><li class="nav-item nav-level-3"><a class="nav-link" href="#1-https-协议简介"><span class="nav-number">1.</span> <span class="nav-text">1. https 协议简介</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#2-https-非对称加密和数字证书"><span class="nav-number">2.</span> <span class="nav-text">2. https 非对称加密和数字证书</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#3-让自己的网站支持-https"><span class="nav-number">3.</span> <span class="nav-text">3. 让自己的网站支持 https</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#4-freesn网站免费申请"><span class="nav-number">4.</span> <span class="nav-text">4. freesn网站免费申请</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#5-acme自动生成并更新证书"><span class="nav-number">5.</span> <span class="nav-text">5. acme自动生成并更新证书</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#6-golang-实现一个最简单的HTTPS-Web-Server"><span class="nav-number">6.</span> <span class="nav-text">6. golang 实现一个最简单的HTTPS Web Server</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#对服务端数字证书进行验证"><span class="nav-number">7.</span> <span class="nav-text">对服务端数字证书进行验证</span></a></li><li class="nav-item nav-level-3"><a class="nav-link" href="#对客户端的证书进行校验-双向证书校验）"><span class="nav-number">8.</span> <span class="nav-text">对客户端的证书进行校验(双向证书校验）</span></a></li></ol></div>
        
      </div>
      <!--/noindex-->

      <div class="site-overview-wrap sidebar-panel">
        <div class="site-author motion-element" itemprop="author" itemscope itemtype="http://schema.org/Person">
    <img class="site-author-image" itemprop="image"
      src="/images/avatar.jpg"
      alt="Levon">
  <p class="site-author-name" itemprop="name">Levon</p>
  <div class="site-description" itemprop="description">Never Give Up</div>
</div>
<div class="site-state-wrap motion-element">
  <nav class="site-state">
      <div class="site-state-item site-state-posts">
        
          <a href="/archives/">
        
          <span class="site-state-item-count">127</span>
          <span class="site-state-item-name">日志</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-categories">
        
          
            <a href="/categories/">
          
        
        <span class="site-state-item-count">34</span>
        <span class="site-state-item-name">分类</span>
        </a>
      </div>
    
      
      
      <div class="site-state-item site-state-tags">
        
          
            <a href="/tags/">
          
        
        <span class="site-state-item-count">76</span>
        <span class="site-state-item-name">标签</span>
        </a>
      </div>
    
  </nav>
</div>
  <div class="links-of-author motion-element">
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://github.com/unix2dos" title="GitHub &rarr; https://github.com/unix2dos" rel="noopener" target="_blank"><i class="fa fa-fw fa-github"></i>GitHub</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="mailto:levonfly@gmail.com" title="E-Mail &rarr; mailto:levonfly@gmail.com" rel="noopener" target="_blank"><i class="fa fa-fw fa-envelope"></i>E-Mail</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://twitter.com/levonfly" title="Twitter &rarr; https://twitter.com/levonfly" rel="noopener" target="_blank"><i class="fa fa-fw fa-twitter"></i>Twitter</a>
      </span>
    
      <span class="links-of-author-item">
      
      
        
      
      
        
      
        <a href="https://weibo.com/l6241425" title="Weibo &rarr; https://weibo.com/l6241425" rel="noopener" target="_blank"><i class="fa fa-fw fa-weibo"></i>Weibo</a>
      </span>
    
  </div>



      </div>

    </div>
  </aside>
  <div id="sidebar-dimmer"></div>


      </div>
    </main>

    <footer id="footer" class="footer">
      <div class="footer-inner">
        <div class="copyright">&copy; <span itemprop="copyrightYear">2020</span>
  <span class="with-love" id="animate">
    <i class="fa fa-user"></i>
  </span>
  <span class="author" itemprop="copyrightHolder">Levon</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-area-chart"></i>
    </span>
    <span title="站点总字数">507k</span>
    <span class="post-meta-divider">|</span>
    <span class="post-meta-item-icon">
      <i class="fa fa-coffee"></i>
    </span>
    <span title="站点阅读时长">7:41</span>
</div>

        












        
      </div>
    </footer>
  </div>

  
  <script src="/lib/anime.min.js?v=3.1.0"></script>
  <script src="/lib/velocity/velocity.min.js?v=1.2.1"></script>
  <script src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script>
<script src="/js/utils.js?v=7.4.0"></script><script src="/js/motion.js?v=7.4.0"></script>
<script src="/js/schemes/pisces.js?v=7.4.0"></script>

<script src="/js/next-boot.js?v=7.4.0"></script>



  
  <script>
    (function(){
      var bp = document.createElement('script');
      var curProtocol = window.location.protocol.split(':')[0];
      bp.src = (curProtocol === 'https') ? 'https://zz.bdstatic.com/linksubmit/push.js' : 'http://push.zhanzhang.baidu.com/push.js';
      var s = document.getElementsByTagName("script")[0];
      s.parentNode.insertBefore(bp, s);
    })();
  </script>








  <script src="/js/local-search.js?v=7.4.0"></script>














  

  

  

<script>
  function loadCount() {
    var d = document, s = d.createElement('script');
    s.src = 'https://levonfly.disqus.com/count.js';
    s.id = 'dsq-count-scr';
    (d.head || d.body).appendChild(s);
  }
  // defer loading until the whole page loading is completed
  window.addEventListener('load', loadCount, false);
</script>
<script>
  function disqus_config() {
    this.page.url = "https://unix2dos.github.io/p/fcd8becb.html";
    this.page.identifier = "p/fcd8becb.html";
    this.page.title = 'https协议简介,网站支持https, golang启动https';};
  function loadComments() {
    if (window.DISQUS) {
      DISQUS.reset({
        reload: true,
        config: disqus_config
      });
    } else {
      var d = document, s = d.createElement('script');
      s.src = 'https://levonfly.disqus.com/embed.js';
      s.setAttribute('data-timestamp', '' + +new Date());
      (d.head || d.body).appendChild(s);
    }
  }
    window.addEventListener('load', loadComments, false);
  
</script>

</body>
</html>
